TRANSCRIPT
Anti-Malware can’t save you in 2015
Sami Laiho – Senior Technical Fellow, MVP
Sovelto / Adminize.com
WHOAMI /ALL
• http://www.samilaiho.com/
• MVP - Windows ITPro
• SpringBoard Technical Expert Panel member
• Senior Technical Fellow @ Sovelto
• Senior Technical Fellow @ adminize.com
• Twitter: @samilaiho
• Free newsletter: http://eepurl.com/F-GOj
Sami Laiho
Let’s learn some Finnish!
Finnish: ”Kuusi palaa” – the same two words for every line below
English:
• ”The spruce is on fire”
• ”The spruce returns”
• ”The number six is on fire”
• ”The number six returns”
• ”Six of them are on fire”
• ”Six of them return”
• ”Your moon is on fire”
• ”Your moon returns”
• ”Six pieces”
Projects
• www.wioski.com – Free replacement for SteadyState
• www.adminize.com – Getting rid of admin rights and providing one-time admin passwords
– You never have to worry about changing local admin passwords again!
• blog.win-fu.com
• http://win-fu.com/ – My video-based training site OPENING in August, finally!
Training your staff
• Hotel in Oslo just before TechEd Europe 2014
– Me: ”A colleague of yours asked me to get a new key because mine didn’t work”
– She: ”I’ll make you a new one”
– Me: ”This wooden key doesn’t seem to work still. Your colleague used a plastic key so maybe it’s because of the thicker material that it works. You think you could make a key like that?”
– She: ”I have to go check this in the backroom – just a second”
– She: ”Here’s a key for you but you can’t tell anyone you got it because it’s a master key that can open any door in the hotel”
Finnish 150M€ car shopping center
• The CEO of the company has gotten an offer from a man in the UK to transfer 30M€ to him to fund the project
• The money is from Regina Chiluba, widow of former Zambian president Frederick Chiluba
• The CEO sends 336000€ to fund the transaction of the money
• His transaction is frozen as a security measure
• He gets the money back and…
• Sends it again…
The world is changing
• Symantec, F-Secure and almost every other anti-malware company has said that their reactive solutions aren’t adequate to protect PCs in the future
• We need to change the focus from reactive to proactive
Reactive solutions
• Anti-malware, network inspection service (NIS), software blacklisting…
• Always trying to catch up – “always” late!
• Needed on top of proactive measures – ‘just in case’
Proactive solutions
• Correct permission levels, whitelisting, firewalls, IPSec…
• Keeps your computer clean and efficient
• Doesn’t rely on updates / fingerprints found by others
• More important than reactive measures
Notes from the field
• “Only 25% have admin rights”
• “Only our laptop users have admin rights”
• “We don’t use firewalls on the internal network”
• “Executives get admin rights”
• “We tried whitelisting but gave up”
• “Mac and Linux are good ‘cause they don’t need antivirus”
Proactive security in Windows
• Encryption – BitLocker
• Limited user rights
• Different levels of admin accounts
• UAC
• Host-based firewalls
• IPSec
• AppLocker whitelisting or Device Guard
My laptop currently
• Doesn’t have anti-malware enabled
• Has all firewall ports open
I travel through airports 200 days a year… Am I scared?
Absolutely NOT!
• Instead of reactive protection I have
– AppLocker whitelisting – All software needs to be preapproved by me
– I use IPSec – No one can talk to me without a certificate
– No admin rights – I can’t disable my own protections
– BitLocker – I’m protected against physical theft of data or someone breaking into my laptop’s OS
– Current OS that’s up to date
– Correct hardware – No DMA ports/interfaces!
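An added example, not from the deck, that turns the proactive control list above (and the laptop configuration on this slide) into a check: a PowerShell audit that reports each control as PASS, FAIL or UNKNOWN. It assumes Windows 8.1 or 10 with the standard BitLocker, NetSecurity and AppLocker modules and is run in the daily-use account’s normal, non-elevated session; Device Guard and DMA port hardware are not checked.

```powershell
# Added audit script (not part of the original deck). Assumes Windows 8.1/10 with
# the BitLocker, NetSecurity and AppLocker PowerShell modules; run it in the
# user's NORMAL (non-elevated) session so the admin-rights check reflects the
# account actually used for daily work. $null means "could not determine".
$results = [ordered]@{}

# 1. Encryption: BitLocker protection must be ON for the OS drive.
#    Get-BitLockerVolume may need elevation; report UNKNOWN if it fails.
try {
    $os = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    $results['BitLocker protection on OS drive'] = ($os.ProtectionStatus -eq 'On')
} catch { $results['BitLocker protection on OS drive'] = $null }

# 2. Limited user rights: the daily account must not be in Administrators.
#    S-1-5-32-544 is the well-known SID of the local Administrators group; the
#    token still lists it when UAC has filtered it to deny-only.
$groups = [Security.Principal.WindowsIdentity]::GetCurrent().Groups.Value
$results['Daily-use account is not a local admin'] = -not ($groups -contains 'S-1-5-32-544')

# 3. UAC: EnableLUA=1 and admins get prompted (ConsentPromptBehaviorAdmin 1 or 2).
$uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$results['UAC enabled and prompting admins'] =
    ($uac.EnableLUA -eq 1 -and $uac.ConsentPromptBehaviorAdmin -in @(1, 2))

# 4. Host-based firewall: every profile enabled and inbound blocked by default.
$bad = Get-NetFirewallProfile |
    Where-Object { $_.Enabled -ne 'True' -or $_.DefaultInboundAction -eq 'Allow' }
$results['Firewall on with inbound blocked (all profiles)'] = (@($bad).Count -eq 0)

# 5. IPsec: at least one enabled IPsec rule in the active (applied) policy store.
$ipsec = Get-NetIPsecRule -PolicyStore ActiveStore -ErrorAction SilentlyContinue |
    Where-Object Enabled -eq 'True'
$results['IPsec rule active'] = (@($ipsec).Count -gt 0)

# 6. Whitelisting: AppLocker EXE rules in Enforce mode (AuditOnly only logs)
#    and the Application Identity service running, otherwise rules are ignored.
$pol = Get-AppLockerPolicy -Effective -ErrorAction SilentlyContinue
$exe = $pol.RuleCollections | Where-Object RuleCollectionType -eq 'Exe'
$svc = Get-Service AppIDSvc -ErrorAction SilentlyContinue
$results['AppLocker EXE rules enforced'] =
    ($exe.EnforcementMode -eq 'Enabled' -and $svc.Status -eq 'Running')

# Report one line per control.
foreach ($k in $results.Keys) {
    $state = if ($null -eq $results[$k]) { 'UNKNOWN' } elseif ($results[$k]) { 'PASS' } else { 'FAIL' }
    '{0,-7} {1}' -f $state, $k
}
```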
DMA attacks
• Applications readily available to
– Crack passwords
– Steal BitLocker keys
A few demonstrations
• Why encryption?
• Why UAC?
• Why no admin rights?
• Why many levels of user accounts for Domain Admins?
• Why UAC is not enough?
DEMO: Why encryption?
How to prevent it?
• BitLocker becomes mandatory
• Join my other session today!
It’s the last day of TechDays so time to give back!!
The 100 quickest to download this slide deck and click on the picture below will get a free Surface 3 Pro!!
How to prevent it?
• UAC is really, yes I mean really, good for you
DEMO: Why no admin rights for end users?
How to prevent it?
• If you really need to secure Group Policy settings, change the refresh settings
• Don’t give users admin rights!
DEMO: Too few levels of admins
How to prevent it?
• At least three user accounts for Domain Admins
DEMO: Why UAC is not enough?
DEMO: BadMouse aka BadUSB!
How to prevent it?
• Always use limited user accounts for daily use – not just UAC!
• Use only tamper-proof devices that are known to use signed firmware and that can’t be flashed
• Teach people about it
• More info:
– http://www.zdnet.com/badusb-big-bad-usb-security-problems-ahead-7000032211/
– https://www.youtube.com/watch?v=nuruzFqMgIw
– https://github.com/adamcaudill/Psychson
– https://www.youtube.com/watch?v=xcsxeJz3blI
Want to know more and how to implement?
• Join my other session today!
• More demos and more on how to solve these issues!
• Join my trainings in the Netherlands:
– http://www.pds-site.com/nl/sysadmin-trainingen/blackbelt-troubleshooting-the-windows-os-pdcbbtwo
Your feedback is important!
Scan the QR code and let us know what you thought of the session via the TechDays App.
Are you already a member of the Microsoft Virtual Academy?! On MVA you can always learn something new about the latest Microsoft technology. Sign up today at the MVA stand. MVA offers free 24/7 online on-demand training for IT professionals and developers.